Information Security Program Assessment Tool

Abstract

This self-assessment tool was created to evaluate the maturity of higher education information security programs, using as its framework the International Organization for Standardization (ISO) 27002 "Information technology - Security techniques - Code of practice for information security management." The tool is intended for use by an institution as a whole, although a unit within an institution may also use it to help determine the maturity of its individual information security program. Unless otherwise noted, it should be completed by the chief information officer, chief information security officer or equivalent, or a designee. There are a total of 104 questions, and on average it takes about 2 hours for an information security officer or equivalent who is familiar with their environment to complete this tool.